DETAILED ACTION

The instant application having Application No. 10/598,875 is presented for 
examination by the examiner. Claims 26, 28, 30, 31, and 50-69 are pending.

Response to Amendment 

Specification 

The specification is still objected to because the actual inline references on page 1,
paragraph 3 are still present. The applicant has stricken out the Non-patent document 1
& 2 from page 2. These references need to be moved and substituted in page 1 where
the stricken references are still mentioned. For example the "see Hiroshi Maruyama et
al., "Web..." can be placed inside the parenthesis located on page 1, paragraph 2, lines
3-4.

Claim Objections 

The objection to claim 65 has been withdrawn. 

Claim Rejections - 35 USC § 101 

Claim rejections under 101 have been withdrawn. 



Claim Rejections - 35 USC §112 

Claim rejections under 112 have been withdrawn. 



Application/Control Number: 10/598,875 
Art Unit: 2431 



Page 3 



Response to Arguments 

Applicant's arguments filed 7/20/09 have been fully considered but they are not 
persuasive. Applicant has argued that Hinton in view of Sinclair does not teach that the
first server receives the authentication policy from the second server. Examiner asserts
that this limitation is not present in the claims. The claims merely recite that the first
server obtains the authentication policy of the second server. This preposition "of" does
not imply "from". In the spirit of compact prosecution, Examiner asserts that even if the
claims were amended to support this argument, the change would be an obvious one.
Requiring that the authentication policy originate directly from the second server, which is
still obtained by the first server is merely a design choice and would be an obvious 
change. As long as the first server obtains the authentication policy of the second 
server, the path which the policy takes is inconsequential. One of ordinary skill in the 
art would readily appreciate any number of various minor modifications to the system. 

As per claims 30, 31, 56, 57, 64, and 65, the argument concerning the identical
authentication policy is not persuasive. Examiner has interpreted the wherein clause 
attributed to identical policies to mean that the first server copies the authentication 
policy of the server such that the first server now has the same policies of the second 
server. This does not preclude the first server from having other policies about the 
system.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 26, 54, and 62 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over USP 2004/0002878 to Hinton in view of USP Application Publication 
2004/0210767 to Sinclair et al., hereinafter Sinclair. 

As per claims 26, 54, and 62, Hinton teaches a method for recording server 
authentication information, comprising: 

establishing, by a first server of a plurality of servers in a federated computing 
environment, a trusting relationship between the first server and a second server of the 
plurality of servers (0046) wherein said establishing the trusting relationship comprises 
exchanging, by the first server, an electronic certificate of the first server with an 
electronic certificate of the second server in accordance with a Public Key Infrastructure 
(PKI) method (0047); 

after said establishing the trusting relationship, obtaining by the first server an 
authentication policy of the second server, wherein an authentication policy for each 
server of the plurality of servers is defined as at least one rule [rule set] of each server 
for authenticating users of the federated computing environment (0067). Hinton is silent 
in explicitly teaching registering by the first server the authentication policy of the
second server within the first server after said obtaining the authentication policy of the 
second server. Sinclair teaches after said obtaining the authentication policy of the 
second server, registering by the first server the authentication policy of the second 
server within the first server [data is replicated into the first server from the other 
servers, 0024]. Registering the authentication policies along with the servers would 
allow the user to authenticate without having to provide or choose the server in which 
he/she wants to authenticate with. If the first server registers the policies of the other 
trusted servers it would cut down on the information needed to be sent during sign-on. 
This change would then streamline the sign-on process making it more efficient. The 
claim would have been obvious because it is within the ordinary capabilities of one of 
ordinary skill in the art to substitute known methods which produce predictable results.
Hinton already teaches the first server can provide authentication functions to users of
the local domain (0049). By copying the policies of other trusted domains, the first
server would be able to quickly authenticate users from other domains by "pre-fetching"
the other domains' policies. Hinton takes single sign-on to the point where a user only
has to be authenticated once in a federated environment. Sinclair takes single sign-on
one step further by only needing the user to interact with any single server in order to 
authenticate in the domain. So many sign-ons with many different servers are reduced 
to one sign-on with one server without even having to necessarily interact with other 
servers during the sign-on process.

Claims 28, 55, and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP 
Application Publication 2001/0048025 to Shinn. 

As per claims 28, 55, and 63, Hinton does not explicitly teach the at least one 
rule includes a data size for fingerprint authentication, a data size for voice print 
authentication, or a combination thereof. Hinton teaches users may contract for 
different strengths of various authentication schemes. The strengths of passwords or 
biometric templates are known by their data size. The more bits the more strength. 
Shinn teaches the use of a biometric template used in authenticating fingerprints and 
voice prints (0033) which are two types of biometric authentication sources. Therefore it 
would have been obvious to one of ordinary skill in the art at the time of the invention to 
explicitly use fingerprints and voice print authentication within the system of Hinton 
because these are well-known types of authentication sources. The size of the template
dictates the strength and this too is notoriously well known in the art. These types of
parameters [key length] are used in defining policies relating to security strength.
Biometric templates are converted into a binary unit and serve the same purpose as a
password (key).

Claims 30, 56, and 64 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP
Application Publication 2002/0091928 to Bouchard et al., hereinafter Bouchard.

As per claims 30, 56, and 64, Examiner supplies the same rationale for
combining the registering of the authentication policy of the second server into the first 
server's authentication policy as recited in the rejection of claim 26. Hinton teaches an 
authentication policy table where the lists of the other trusted servers are stored (0060). 
It is inherent that the address or location to those servers is maintained as well in order
to communicate with them. Hinton fails to teach a relative priority of each server of a 
group of servers having a same authentication policy in the authentication policy table. 
Bouchard teaches a system in which multiple servers can designate priority to other 
servers for authentication in order to balance the load of the system (0047). Load 
balancing in computer networks is well known in the art. Assigning priority to servers is 
also well known in the art. In a load balancing system, the systems with the least 
amount of load have the higher priority in determining which server to communicate 
with. And conversely, those servers which have the highest amount of traffic are the 
least likely to be requested. The claim would have been obvious because combining 
known methods in the art and yielding predictable results is within the ordinary
capabilities of one of ordinary skill in the art. One of ordinary skill could have 
maintained a priority list to balance the load of the network. If all the servers are able to 
perform authentication, it is obvious that they can share in those duties so that one is 
not overwhelmed.

Claims 31, 57, and 65 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP 
Application Publication 2004/0107212 to Friedrich et al., hereinafter Friedrich. 

As per claims 31, 57, and 65, Examiner supplies the same rationale for
combining the registering of the authentication policy of the second server into the first 
server's authentication policy as recited in the rejection of claim 26. Hinton teaches an 
authentication policy table where the lists of the other trusted servers are stored (0060). 

Hinton teaches servers can communicate through the LDAP protocol (0029).
Hinton teaches the authentication policy of the second server is identical to an
authentication policy of the first server [servers of the same federated environment;
0011]. Hinton does not explicitly teach wherein a first common identifier (ID) exists in
an authentication information Lightweight Directory Access Protocol (LDAP) of the first 
server and in an authentication information LDAP of the second server, wherein the first 
common user ID is used by a first user in the first server and by a second user in the 
second server such that the second user differs from the first user, and wherein the 
method further comprises: after said registering the authentication policy of the second 
server, registering by the first server the first common user ID in an exceptional ID table
of the first server, wherein the exceptional ID table of the first server stores common 
user IDs and an indication of one or more servers associated with each common user 
ID stored in the exceptional ID table of the first server. In Sinclair's system combined 
with Hinton, multiple servers combine together their known authentication policies 
including those users belonging to each server. It is not unreasonable for one of
ordinary skill to consider what would happen if the same user ID existed in both groups.
LDAP, which is notoriously well known in the art and taught by Hinton and Friedrich, 
handles this occurrence through home repositories which are unique to each user even 
if the user name is common. Friedrich addresses this situation by maintaining the home 
repository of each user in conjunction with a unique identifier (probably the SID or some 
other unique attribute to the user) (0033). This solves the problem of common user 
names by creating a pointer to which server or repository that user belongs to. In view 
of this teaching, Examiner finds that the claim is obvious because one of ordinary skill could
have first recognized the potential for two users having a common user name and dealt 
with it in the means taught by Friedrich. 

Allowable Subject Matter 

Claims 50-53, 58-61, and 66-69 are objected to as being dependent upon a
rejected base claim, but would be allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 




Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/M. R. V./ 

Examiner, Art Unit 2431 



/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 



